﻿@{
    // Set the layout page and page title
    Layout = "~/_SiteLayout.cshtml";
    Page.Title = "Forget Your Password?";

    bool passwordSent = false;
    bool isValid = true;
    var errorMessage = "";
    var emailError = "";
    var disabledAttribute = "";
    var resetToken = "";
    var email = Request.Form["email"] ?? Request.QueryString["email"];

    if (IsPost) {
        // validate email
        if (email.IsEmpty() || !email.Contains("@")) {
            emailError = "Please enter a valid email";
            isValid = false;
        }
        if (isValid) {
            if (WebSecurity.GetUserId(email) > -1 && WebSecurity.IsConfirmed(email)) {
                resetToken = WebSecurity.GeneratePasswordResetToken(email); //Optionally specify an expiration date for the token
            } else {
                passwordSent = true; // We don't want to disclose that the user does not exist.
                isValid = false;
            }
        }
        if (isValid) {
            var hostUrl = Request.Url.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped);
            var resetUrl = hostUrl + VirtualPathUtility.ToAbsolute("~/Account/PasswordReset?resetToken=" + HttpUtility.UrlEncode(resetToken));
            WebMail.Send(
                to: email,	
                subject: "Please reset your password", 
                body: "Use this password reset token to reset your password. The token is: " + resetToken + @". Visit <a href=""" + resetUrl + @""">" + resetUrl + "</a> to reset your password."
            );
            passwordSent = true;
            disabledAttribute = @"disabled=""disabled""";
        }
    }
}

<form method="post" action="">
    <fieldset>
        <legend>Password Reset Instructions Form</legend>
        @if (!WebMail.SmtpServer.IsEmpty()) {
            <p>
                We will send password reset instructions to the email address associated with your account. 
            </p>
            if (passwordSent) {
                <p class="message success">
                    Instructions to reset your password have been sent to the specified email address.
                </p>
            }
            if (!errorMessage.IsEmpty()) {
                <p class="message error">
                    @errorMessage
                </p>
            }
            <ol>
                <li class="email">
                    <label for="email">Email Address</label>
                    <input type="text" id="email" name="email" title="Email address" value="@email" @disabledAttribute @if(!emailError.IsEmpty()){<text>class="error-field"</text>} />
                    @if (!emailError.IsEmpty()) {
                        <label class="validation-error">@emailError</label>
                    }
                </li>
            </ol>
            <p class="form-actions">
                <input type="submit" value="Send Instructions" @disabledAttribute/>
            </p>
        } else {
            <p class="message info">
                Password recovery is disabled for this website because the SMTP server is 
                not configured correctly. Please contact the owner of this site to reset 
                your password.
            </p>
        }
    </fieldset>
</form>